Notices tagged with cybersecurity, page 2

Ich sags ungern, aber: Told you so.
Vor genau diesem Szenario warne ich seit Monaten in diversen Vorträgen, Podcasts, Texten. Oft kommt zurück: "Ach komm, jetzt mach doch nicht immer alles schlecht. Wir können nicht auf KI verzichten, es machen doch alle..." Und: "Diese Attacken gibt es doch nur in der Theorie."
Voila: Hier eine reale Attacke des chinesischen Geheimdienstes mit der Hilfe von KI Agenten von Anthropic.
https://www.anthropic.com/news/disrupting-AI-espionage

#aiagents #anthropic #chatgpt #cybersecurity

Austria’s Ministry of Economy kicks out Microsoft, moving 1,200 staff to Nextcloud in 4 months 🕒

EU-based cloud ensures GDPR & NIS2 compliance 🇪🇺
Hybrid setup keeps Teams only for external use; all internal collaboration now on Nextcloud 🔒
Smooth rollout earns positive employee feedback 👍

🔗 https://news.itsfoss.com/austrian-ministry-kicks-out-microsoft/

#TechNews #OpenSource #Privacy #Cloud #DataSovereignty #Nextcloud #EU #FOSS #CyberSecurity #IT #Government #Software #Innovation #Digital #Security #Linux

Vorsicht: Betrüger geben sich am Telefon als Apple-Mitarbeitende aus, sprechen teils Schweizerdeutsch und verweisen auf angebliche Hackerangriffe auf die Apple-ID. Um Seriosität vorzutäuschen, wird zeitgleich über Apples internationale Hilfeseiten eine echte Support-E-Mail ausgelöst, die einen angeblichen Rückruf bestätigt.

#qsvpress #cybersecurity
https://cybercrimepolice.ch/de/faelle/gefaelschte-support-anrufe-im-namen-von-apple

I warn you - this will physically hurt to read:

> How did the experts succeed in their intrusion? Mainly by the weakness of certain passwords that Anssi politely describes as “trivial”: type “LOUVRE” to access a server managing the video surveillance of the museum, or “THALES” to access one of the software published by... Thales.

https://archive.ph/l0web

#Louvre #CyberSecurity

Several months ago, I found a #vulnerability from #MantisBT - Authentication bypass for some passwords due to PHP type juggling (CVE-2025-47776).

Any account that has a password that results in a hash that matches ^0+[Ee][0-9]+$ can be logged in with a password that matches that regex as well. For example, password comito5 can be used to log in to the affected accounts and thus gain unauthorised access.

The root cause of this bug is the incorrect use of == to match the password hash:

if( auth_process_plain_password( $p_test_password, $t_password, $t_login_method ) == $t_password )

The fix is to use === for the comparison.

This vulnerability has existed in MantisBT ever since hashed password support was added (read: decades). MantisBT 2.27.2 and later include a fix to this vulnerability. https://mantisbt.org/download.php

#CVE_2025_47776 #infosec #cybersecurity

Remember that frustrating situation where some of us couldn't get a vendor to respond to notifications that court-sealed records and sensitive files were exposed? One entity eventually reached the vendor by phone and was so angry at their response that they wound up canceling their account with them.

Yesterday, I finally reached the second court entity. They, too, wound up telling the vendor to take the share down.

How many other clients may still have exposed data because the vendor tells clients that everything's fine when it isn't? I don't know. If you know any entity using Software Unlimited Corp software (not Software Unlimited Inc, but Software Unlimited CORP), you may want to point them to my coverage:

Original Report:
https://databreaches.net/2025/10/13/months-after-being-notified-a-software-vendor-is-still-exposing-confidential-and-sealed-court-records/

Today's Update:
https://databreaches.net/2025/10/31/how-many-courts-have-had-sealed-and-sensitive-files-exposed-by-one-vendors-error/

#dataleak #vendor #incidentresponse #cybersecurity #SoftwareUnlimitedCorp #FTC #govsec

@zackwhittaker @euroinfosec @campuscodi @JayeLTee